[Pkg-libvirt-maintainers] Bug#930100: after upgrade to buster, qemu cannot read default spice certs

[Sam Hartman]

package: libvirt-daemon-system
severity: important
version: 5.0.0-3

Upgrading stretch to buster.
After the upgrade, libvirt could not read /etc/pki/qemu/server-cert.pem
and server-key.pem.

This is because of the apparmor profile.

I think that's the default place where you're supposed to put spice and
vnc certs if you're using tls.

Please include /etc/pki/qemu and /etc/pki/libvirt-spice (the old
location) as directories that qemu run by libvirt is permitted to read.